There Is One Feature Is Missing ^.^

[0xAwali]

Actually This Tool Is So Great , But In type: fuzz There Is One Feature Missing
It Is Fuzz Cookie Header , This Tool Give Us To Replace Value Of Header Name But Let e.g.
Cookie Header Of The Origin Request Like This
Cookie: session=1; id=22; lang=en
So It Is Possible To Fuzz Cookie Here Like Fuzzing Body e.g. Can You Add Something Like That

id: Cookie-Fuzz
info:
  name: Fuzz Cookie Headers
  risk: Critical
type: fuzz
payloads:
  - '../../../../etc/passwd'
requests:
  - generators:
       - Header-Fuzz("{{.payload}}", "Cookie")

So Here Header-Fuzz Generate Three Requests
Cookie: session=../../../../etc/passwd; id=22; lang=en
Cookie: session=1; id=../../../../etc/passwd; lang=en
Cookie: session=1; id=22; lang=../../../../etc/passwd
So Can This Happen ?

[ghsec]

in jaeles is this feature fuzz headers and cookies.
Header("[[.original]]{{.payload}}", "X-Sample")

Cookie("[[.original]]{{.payload}}")

but when I test with cookie it only tests last cookie value if add [[.original]] but if not add [[.original]] jaeles adds new cookie. it is not works correct.

[0xAwali]

OMG , Thank You For Mention That

I Did Not See That Before , I Will Check It

[ghsec]

@0xAwali bug with fuzzing cookie I tested on v0.14 of jaeles. In current version I don't know this bug fixed or not. @j3ssie know about this. Tomorow I update jaeles and test again for confirm bug fixed or not. Maybe @j3ssie fixed this.

[0xAwali]

I Tested On The Current Version And Still Does Not Work Correctly

[iamRjarpan]

Hy it only try last cookie. Is there anyway to fuzz all cookies?